In recent news, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) settled a HIPAA investigation with Saint Joseph’s Medical Center over the unauthorized disclosure of COVID-19 patients’ protected health information (ePHI) to a national media outlet. This incident underscores a critical lesson in patient privacy, prompting Abyde to emphasize the significance of obtaining patient authorization before releasing any ePHI or images.

See, What Had Happened Was

Saint Joseph’s Medical Center, a non-profit academic medical center in New York, faced potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The center improperly disclosed sensitive patient information to a national media outlet without obtaining the necessary written authorization from the patients, leading to a settlement with the OCR.

The Importance of Patient Authorization

The OCR makes it clear that patients have the right to control the disclosure of their health information. This settlement highlights the need for healthcare providers to prioritize patient authorization before releasing any ePHI or images, particularly to the media.

Abyde’s Take

When undergoing medical treatment in medical facilities, patients should feel assured that their healthcare providers will not disclose their personal health information to the media without obtaining proper authorization. Abyde cannot stress enough the responsibility of healthcare providers in safeguarding patient privacy.

Key Takeaways:

• Patient Privacy First: Abyde emphasizes the principle that patient privacy must always be a top priority in healthcare settings.
• Importance of Authorization: The OCR settlement serves as a reminder that obtaining written authorization from patients is not just a legal requirement but a fundamental aspect of respecting patient autonomy. Abyde will dynamically generate a formal Multimedia Policy and Procedure document along with a Media Consent Form that can be used for patients to sign if their name or likeness is used.
• Compliance with HIPAA: Abyde underscores the significance of complying with the HIPAA Privacy Rule, ensuring that healthcare providers understand and adhere to the regulations in place.
• Abyde’s Solution: Abyde provides a comprehensive solution that guides healthcare providers in developing written policies and procedures aligned with the HIPAA Privacy Rule. Our platform ensures that staff is trained on these policies, fostering a culture of awareness and compliance.

Our Final Word

The settlement with Saint Joseph’s Medical Center serves as a valuable lesson for healthcare providers everywhere. Abyde remains committed to supporting practices in navigating the complexities of HIPAA compliance, with a specific emphasis on the importance of obtaining patient authorization before disclosing any ePHI or images. To see why Abyde is considered the pre-eminent HIPAA compliance solution, click here to schedule a demo.